GHOST glibc Vulnerability

Summary

Quantum products that have been developed using the GNU C Library (glibc) may be affected by the GHOST glibc vulnerability identified as CVE-2015-0235 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235). The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

Quantum is committed to providing timely product updates to correct the GHOST vulnerability, and this advisory will be updated accordingly as we move forward.

Unaffected Quantum Products

The following Quantum products are known to be unaffected by the GHOST vulnerability.

Scalar Key Manager

Scalar Tape Libraries

Scalar LTFS

SuperLoader3

StorNext Q-series QD/QS/QSX

LTO Drives

StorNext Software

vmPRO

Vulnerable Quantum Products

Versions of the following Quantum products are known to be vulnerable to GHOST.

DXi-Series

Lattus (C5, C10, S10, S20)

StorNext Appliances

Quantum Products Under Investigation

The following Quantum products are still under investigation for vulnerability to GHOST.

Vision

Lattus A10

Impact

A remote attacker able to make an application call the gethostbyname() or gethostbyname2() functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Software Versions and Fixes

Patches to Quantum software and firmware are in progress; please contact your Quantum service representative for the latest status on availability.